[Snort-users] Interesting snort, chroot, syslog behavior

James Lay jlay at ...13475...
Wed Feb 22 17:21:03 EST 2006

So...here's the startup line:

/chroot/snort/usr/sbin/snort -u nobody -g nobody -i eth0 -D -o -c /chroot/snort/etc/snort/snort.conf -l /chroot/snort/var/log/snort -t /chroot

Relevant snort.conf syslog entries:

output alert_syslog: LOG_AUTH LOG_ALERT

syslog startup command:

/usr/sbin/syslogd -r -m 0 -a /chroot/snort/dev/log

When testing, running snort with (same as above just without -D):

/chroot/snort/usr/sbin/snort -u nobody -g nobody -i eth0 -o -c /chroot/snort/etc/snort/snort.conf -l /chroot/snort/var/log/snort -t /chroot

I get no syslog entries.  If run as above, syslog works fine.  Is there
a reason for that?  Thanks!


